Applications and high performance networks to support new usage models and services such as voice, video, transactions, and private data, present new challenges in the area of security. The need to protect data in storage or in transit for confidentiality and integrity is important, but supporting high speed cryptographic operations and storage required to maintain secured access to protected code and/or data adds to complexity and ultimately to expense.
One technique for creating and maintaining a secured, protected, or isolated partition or environment is known as establishing an enclave. An enclave is a set of information and processing capabilities that are protected as a group. The information and processing capabilities may include networks, hosts, or applications. When data and/or instructions for an enclave are loaded from external memory, they are decrypted, authenticated and then stored or cached in a protected memory. Similarly when data and/or instructions for an enclave are evicted from the protected memory, they are encrypted before being stored back to external memory. Secure enclave data is allocated to a particular process and associated with a unique enclave identifier for that process, such that access to the secure enclave data is restricted to an authorized process. Not even the operating system is permitted to access decrypted enclave data associated with an enclave identifier of a different process.
Therefore, when a process that has been allocated a secure enclave wishes to make use of an operating system call, fork( ), to create a duplicate of itself as a child process, the operating system cannot access the decrypted enclave data associated with the parent process. Accordingly, the operating system cannot duplicate the state of a parent process for a child process while the secure enclave allocated to the parent process is still active. Furthermore, when the operating system is performing paging in (i.e. loading) and/or paging out (i.e. evicting and writing back) of memory pages for a secure enclave, cryptographic operations must be performed on entire pages, which may be typically of 4 KB in size. Consequently, page copying operations for a secure enclave may require many tens of thousands of processing cycles. If a paging process is interrupted, it may need to be re-executed, but if servicing of interrupts were not permitted until paging operations for the secure enclave had completed, then the delayed servicing of interrupts may cause unacceptable glitches in some services such as voice, video and real-time transactions.
Therefore duplicating pages of data and state for a secure enclave of a parent process to fork a child process presents a set of unique security, user-experience and performance challenges. To date, solutions that address these challenges, potential performance limiting issues, and real-time complexities have not been adequately explored.